framework-migration-code-migrate
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Ingestion points: The MigrationAnalyzer class in resources/implementation-playbook.md reads files from the source path using rglob('*'). Boundary markers: There are no delimiters or instructions to ignore embedded commands. Capability inventory: The skill provides logic for generating scripts that perform file operations and network requests. Sanitization: No sanitization is applied to the ingested content.
- [EXTERNAL_DOWNLOADS]: The MigrationMonitor implementation in resources/implementation-playbook.md generates HTML that references the Chart.js library from the well-known jsdelivr CDN.
- [COMMAND_EXECUTION]: The skill includes logic in resources/implementation-playbook.md for generating Python CLI tools using the click library, which include functionality for file system access and migration task execution.
Audit Metadata